Add test for Enabling Policy Enforcement (#6622)

2020-02-27 23:22:05 +05:30 · 2020-02-27 23:22:05 +05:30 · a72730d3de
parent 6fb12b9c8e
commit a72730d3de
4 changed files with 135 additions and 0 deletions
--- a/tests/policies/enabling_policy_enforcement_test.go
+++ b/tests/policies/enabling_policy_enforcement_test.go
@ -0,0 +1,36 @@
+// Copyright 2020 Istio Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package policies
+
+import (
+	"testing"
+
+	"istio.io/istio/pkg/test/framework"
+	"istio.io/istio/pkg/test/istioio"
+)
+
+// https://preliminary.istio.io/docs/tasks/policy-enforcement/enabling-policy/
+func TestEnablingPolicyEnforcement(t *testing.T) {
+	framework.
+		NewTest(t).
+		Run(istioio.NewBuilder("tasks__policy_enforcement__enabling_policy").
+			Add(istioio.Script{
+				Input: istioio.Path("scripts/enabling_policy_enforcement.txt"),
+			}).
+			Defer(istioio.Script{
+				Input: istioio.Path("scripts/revert_policy_enforcement.txt"),
+			}).
+			Build())
+}
--- a/tests/policies/main_test.go
+++ b/tests/policies/main_test.go
@ -0,0 +1,35 @@
+// Copyright 2020 Istio Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package policies
+
+import (
+	"testing"
+
+	"istio.io/istio/pkg/test/framework"
+	"istio.io/istio/pkg/test/framework/components/environment"
+	"istio.io/istio/pkg/test/framework/components/istio"
+)
+
+var (
+	inst istio.Instance
+)
+
+func TestMain(m *testing.M) {
+	framework.
+		NewSuite("policies", m).
+		SetupOnEnv(environment.Kube, istio.Setup(&inst, nil)).
+		RequireEnvironment(environment.Kube).
+		Run()
+}
--- a/tests/policies/scripts/enabling_policy_enforcement.txt
+++ b/tests/policies/scripts/enabling_policy_enforcement.txt
@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 Istio Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+set -u
+set -o pipefail
+
+# $snippet check_policy_enforcement_status.sh syntax="bash"
+$ kubectl -n istio-system get cm istio -o jsonpath="{@.data.mesh}" | grep disablePolicyChecks
+# $verify
+disablePolicyChecks: true
+# $endsnippet
+
+# $snippet update_config_for_policy_enforcement.sh syntax="bash"
+$ istioctl manifest apply --set values.global.disablePolicyChecks=false --set values.pilot.policy.enabled=true --wait
+# $endsnippet
+
+# $snippet validate_policy_enforcement_status.sh syntax="bash"
+$ kubectl -n istio-system get cm istio -o jsonpath="{@.data.mesh}" | grep disablePolicyChecks
+# $verify
+disablePolicyChecks: false
+# $endsnippet
--- a/tests/policies/scripts/revert_policy_enforcement.txt
+++ b/tests/policies/scripts/revert_policy_enforcement.txt
@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 Istio Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+set -u
+set -o pipefail
+
+# $snippet revert_config_for_policy_enforcement.sh syntax="bash"
+$ istioctl manifest apply --set values.global.disablePolicyChecks=true --set values.pilot.policy.enabled=false --wait
+# $endsnippet
+
+# $snippet verify_policy_enforcement_status.sh syntax="bash"
+$ kubectl -n istio-system get cm istio -o jsonpath="{@.data.mesh}" | grep disablePolicyChecks
+# $verify
+disablePolicyChecks: true
+# $endsnippet